National Institute of 
Standards and Technology 





Trend Micro


Cloud Conformity Infrastructure Report: 
NIST 800-53 (Rev. 4) 


AWS Account: Staging 


Sun Apr 12 2020 15:33:31 GMT+0000 (Coordinated Universal Time) 
NIST 800-53 (1 Account) 


Summary 


5324 Filtered Checks: 1823 Failed, 3501 Succeeded


Filters applied: 
Standards & Frameworks: [PETETA 


#Compliance Score and percent success metrics are dependent on (1) active / selected filters, (2) data access you have provided 
on your account(s) or provided to you by your Organisation admin, and (3) controls which Cloud Conformity is able to check for on 
your cloud infrastructure - this would exclude for example workload across accounts, and organisational processes. Standard and 
framework control to rule mapping represents the expert opinion of Cloud Conformity and not necessarily that of the standard or 
framework authority. Rule severities and categories apply to Cloud Conformity's rules and not the controls they are mapped to. 
Your account(s) compliance with any Framework or Standard should be assessed in conjunction with your own internal review. 
Access Control


No. Control 

AC-1 ACCESS CONTROL POLICY AND PROCEDURES 
Rule Service Categories 
No rule to display 

No. Control 

AC-2 ACCOUNT MANAGEMENT 
Rule Service Categories 
IAM Policy Changes Alarm CloudWatchLogs Security 
Root Account Usage Alarm CloudWatchLogs Security 
IAM User Present IAM Security 
Account Alternate Contacts (Not Scored) IAM Security
Root Account Usage IAM Security 
Support Role IAM Security 

No. Control 

AC-3 ACCESS ENFORCEMENT 
Rule Service Categories 
Cloud Conformity Custom Policy Version CloudConformity Operational Excellence
CloudFormation Stack Policy CloudFormation Security 
Support Role IAM Security 

No. Control 
Risk level


Risk level 


High 


High 


Medium 


High 


High 


High 


Risk level 


High 


Medium 


High 


Priority 


Uv 
=j 


Counts 


Priority 





Priority 


Counts 


FAILURE: 1 


FAILURE: 140 


SUCCESS: 1 


Priority 


Total counts 


Total counts 


FAILURE: 1 


SUCCESS: 5 




Total counts 


SUCCESS: 1 




Total counts 





FAILURE: 141 
EMM 
AC-4 INFORMATION FLOW ENFORCEMENT P1
Rule Service Categories Risk level Counts 
Tracing Enabled APIGateway Operational Excellence Low
CloudFront Traffic To Origin CloudFront Saad eds 
Unencrypted 
Default Security Group Unrestricted EC2 Security Low
EE EE Wien Kinesis Security High Resolve... 
CMK 
S3 Bucket Public 'READ' Extreme, 
S3 Security Resolve... 
Bucket Public 'READ_ACP' 
Ee oe -AC S3 Security Very High 
Access 
Bucket Public 'WRITE' 
Access 
Bucket Public 'WRITE_ACP' 
S3 Bucket Public _AC 53 Security Very High 
Access 
S3 Bucket Public 
'FULL CONTROL Access oe ee 
| MSE EN ere earn S3 Security Very High Resolve... 
Secure Transport S3 Security Medium
VPC Flow Logs Enabled VPC Security Low
Unrestricted Network ACL Outbound Traffic VPC Security Medium
Unrestricted Network ACL Inbound Traffic VPC Security Medium
No. Control Priority Total counts 


FAILURE: 10 


AC-5 SEPARATION OF DUTIES P1


SUCCESS: 379 





Rule Service Categories Risk level Counts 
Cloud Conformity Custom Policy Version CloudConformity Operational Excellence High
CloudFormation Stack With IAM Role CloudFormation Security Medium
IAM User Present IAM Security Medium
Account Alternate Contacts (Not Scored) IAM Security High
IAM Users Unauthorized to Edit Access Policies IAM Security High
IAM Policies With Full Administrative Privileges IAM Security High
Support Role IAM Security High
T 
AM oe eie es LAM Security Medium Resolve... 
No. Control Priority Total counts 
AC-6 LEAST PRIVILEGE P1
Rule Service Categories Risk level Counts 
CloudFormation Stack With IAM Role CloudFormation Security Medium
a es ER IAM Security Medium Resolve... 
Lambda Function With Admin Privileges Lambda Security Medium
No. Control Priority Total counts 
AC-7 UNSUCCESSFUL LOGON ATTEMPTS P2 0 
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts 
AC-8 SYSTEM USE NOTIFICATION P1 0
Rule Service Categories Risk level Counts 
No rule to display


No. Control 
AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION 
Rule Service Categories 
Sign-In Events (Not Scored) IAM Security 
No. Control 
AC-10 CONCURRENT SESSION CONTROL 
Rule Service Categories 
No rule to display 
No. Control 
AC-11 SESSION LOCK 
Rule Service Categories 
No rule to display 
No. Control 
AC-12 SESSION TERMINATION 
Rule Service Categories 


No rule to display 


No. Control 


AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL 


Rule Service Categories 


No rule to display 


No. Control 
AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION
Rule Service Categories 
Risk level


Low 


Risk level 


Risk level 


Risk level 


Risk level 


Risk level 


Priority Total counts 
: 
Counts 


SUCCESS: 17 


Priority Total counts 
P3 0 
Counts 
Priority Total counts 
pe 0 
Counts 
Priority Total counts 
P2 0 
Counts 
Priority Total counts 
0 
Counts 
Priority Total counts 
pa 0 
Counts 
No rule to display


No. Control 

AC-15 AUTOMATED MARKING 
Rule Service 
No rule to display 

No. Control 

AC-16 SECURITY ATTRIBUTES 
Rule Service 


CloudFormation Stack Policy 


IAM Users Unauthorized to 
Edit Access Policies 


No. Control 
AC-17 REMOTE ACCESS
Rule 


AWS Organizations Changes 
Alarm 


Root Account Access Keys 
Present 


Root Account Active Signing 


Certificates 


Sign-In Events (Not Scored) 


No. Control 
AC-18 WIRELESS ACCESS
Rule 


No rule to display 


No. Control 
CloudFormation


IAM 


Service 


CloudWatchLogs 


IAM 


IAM 


IAM 


Service 


Categories Risk level 
Categories Risk level 
Security Medium 
Security High 
Categories Risk level 
Security Medium 
Security High 
Security High 
Security Low 

Categories Risk level 








Priority Total counts 
0 
Counts 
Priority Total counts 
P0 FAILURE: 141
Counts 
FAILURE: 140 Resolve... 
FAILURE: 1 Resolve... 
Priority Total counts 
FAILURE: 1 
P1
SUCCESS: 19 
Counts 







Priority Total counts 
P1 0 
Counts 
Priority Total counts 




AC-19 ACCESS CONTROL FOR MOBILE DEVICES 


Rule 


No rule to display 


No. Control 


Service 


Categories 


AC-20 USE OF EXTERNAL INFORMATION SYSTEMS 


Rule 


Content Encoding 


Private Endpoint 


API Gateway Integrated With 
AWS WAF 


Cloud Conformity Custom 
Policy Version 


S3 Bucket Public 'READ' 
Access 


S3 Bucket Public 'READ_ACP' 
Access 


S3 Bucket Public 'WRITE' 
Access 


S3 Bucket Public 
'WRITE_ACP' Access 


S3 Bucket Public 
'FULL CONTROL' Access 


S3 Bucket Authenticated 
Users 'READ' Access 


S3 Bucket Authenticated 
Users 'READ_ACP' Access 


S3 Bucket Authenticated 
Users 'WRITE' Access 


S3 Bucket Authenticated 
Users 'WRITE_ACP' Access 


S3 Bucket Authenticated 
Users 'FULL_CONTROL' 
Access 
Service


APIGateway


APIGateway 


APIGateway 


CloudConformity 


S3 


S3 


S3 


oo 


5 


S3 


S3


S3


S3


Categories 


Performance 
Efficiency 


Security 


Security 


Operational 
Excellence 


Security 


Security 


Security 


Security 


Security 


Security 


Security 


Security 


Security 


Security 


Risk level 


Risk level 


Medium 


Medium 


Medium 


High 


Extreme, 
Very High 


Very High 


Very High 


Very High 


Very High 


Very High 


Very High 


Very High 


Very High 


Very High 


ae) 


1 


Counts 


Priority 


— 


1 


Counts 


FAILURE: 46 





FAILURE: 46 


FAILURE: 46 


FAILURE: 1 


FAILURE: 1 


SUCCESS: 54 


SUCCESS: 55 


SUCCESS: 55 


SUCCESS: 55 


SUCCESS: 55 


SUCCESS: 55 


SUCCESS: 55 


SUCCESS: 55 


SUCCESS: 55 


SUCCESS: 55 


Total counts 


FAILURE: 191 


SUCCESS: 621 


S3 Bucket Public Access Via


Policy 


S3 


S3 Cross Account Access S3 


Secure Transport S3


No. 


AC-21 


Rule 


Control 


INFORMATION SHARING 


Service 


No rule to display 


No. Control 
AC-22 PUBLICLY ACCESSIBLE CONTENT
Rule Service
S3 Bucket Public Access Via Policy S3
No. Control 
AC-23 DATA MINING PROTECTION 
Rule Service 
Amazon Macie In Use (Not Scored) Macie
Secure Transport S3 
No. Control 
AC-24 ACCESS CONTROL DECISIONS 
Rule Service 


Powered by Cloud Conformity 


Security 


Security 


Security 


Categories 


Categories 


Security 


Categories 


Security 


Security 


Categories 


Very High 


High 


Medium 


Risk level 


Risk level 


Very High 


Risk level 


Medium 


Medium 


Risk level 





FAILURE: 5 










Priority Total counts 
P2 0 
Counts 
Priority Total counts 
FAILURE: 5 
P3 
SUCCESS: 50 
Counts 


SUCCESS: 50 


Priority Total counts 
FAILURE: 46 
P0
SUCCESS: 10 
Counts 


SUCCESS: 1 


FAILURE: 46 


SUCCESS: 9 


Priority Total counts 
FAILURE: 8 
P0
SUCCESS: 254 
Counts 


Valid IAM Identity Providers IAM Security High
IAM Policies With Full Administrative Privileges IAM Security High
IAM Role Policy Too Permissive IAM Security Medium 
Sign-In Events (Not Scored) IAM Security Low 

No. Control 

AC-25 REFERENCE MONITOR 
Rule Service Categories Risk level 
CloudFormation Stack With 
IAM Role CloudFormation Security Medium 
IAM Policies With Full Administrative Privileges IAM Security High
IAM Role Policy Too Permissive IAM Security Medium

Awareness and Training 

No. Control 

AT-1 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES 
Rule Service Categories Risk level 
No rule to display 

No. Control 

AT-2 SECURITY AWARENESS TRAINING 
Rule Service Categories Risk level 


No rule to display 


No. Control 





P 


P 





Priority 


Counts 


Priority 


1 


Counts 


Priority 


1 


Counts 


Priority 




Total counts 


FAILURE: 7 


SUCCESS: 377 




Total counts 


Total counts 


Total counts 
AT-3 ROLE-BASED SECURITY TRAINING


Rule Service Categories 
No rule to display 

No. Control 

AT-4 SECURITY TRAINING RECORDS 
Rule Service Categories 
No rule to display 

No. Control 

AT-5 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS 
Rule Service Categories 
No rule to display 

Audit and Accountability 

No. Control 

AU-1 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES 
Rule Service Categories 
No rule to display 

No. Control 

AU-2 AUDIT EVENTS 
Rule Service Categories 
CloudTrail Global Services Enabled CloudTrail Security
CloudTrail Global Services Logging Duplicated CloudTrail Security
CloudTrail Management Events CloudTrail Security
Risk level


Risk level 


Risk level 


Risk level 


Risk level 


High 


Medium 


Medium 


P1 0
Counts
Priority Total counts
P3 0
Counts
Priority Total counts


Counts
Priority Total counts
P1 0
Counts
Priority Total counts
FAILURE: 92
P1
Counts 


SUCCESS: 1 


SUCCESS: 1 


SUCCESS: 18 
CloudTrail Data Events CloudTrail Security Low
AWS CloudWatch Events In Use CloudWatchEvents Cost Optimisation, Operational Excellence, Performance Efficiency, Reliability, Security Medium
CloudTrail Changes Alarm CloudWatchLogs Security Medium
Security Group Changes Alarm CloudWatchLogs Security Medium
Network ACL Changes Alarm CloudWatchLogs Security Medium
Internet Gateway Changes Alarm CloudWatchLogs Security Medium
VPC Changes Alarm CloudWatchLogs Security Medium
IAM Policy Changes Alarm CloudWatchLogs Security High
AWS Config Changes Alarm CloudWatchLogs Security Medium
S3 Bucket Changes Alarm CloudWatchLogs Security Medium
Route Table Changes Alarm CloudWatchLogs Security Medium
AWS Organizations Changes Alarm CloudWatchLogs Security Medium
Sign-In Events (Not Scored) IAM Security Low
RDS Event Notifications RDS Operational Excellence, Performance Efficiency, Reliability Low
S3 Bucket Logging Enabled S3 Security Medium
No. Control Priority Total counts 
AU-3 CONTENT OF AUDIT RECORDS P1 
Rule Service Categories Risk level Counts 


CloudTrail Enabled CloudTrail Security High 
CloudTrail Global Services Enabled CloudTrail Security High
CloudTrail Delivery Failing CloudTrail Operational Excellence, Security Medium
CloudTrail Data Events CloudTrail Security Low
AWS Config Global Resources Config Security Medium
S3 Bucket Logging Enabled S3 Security Medium
S3 Buckets Lifecycle Configuration S3 Cost Optimisation, Security Low
VPC Flow Logs Enabled VPC Security Low
No. Control Priority Total counts 
AU-4 AUDIT STORAGE CAPACITY P1 0 
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts 
FAILURE: 81 
AU-5 RESPONSE TO AUDIT PROCESSING FAILURES P1 
SUCCESS: 79 
Rule Service Categories Risk level Counts 
APIs CloudWatch Logs APIGateway Operational Excellence, Performance Efficiency Medium
CloudTrail Enabled CloudTrail Security High
CloudTrail Delivery Failing CloudTrail Operational Excellence, Security Medium
CloudTrail Data Events CloudTrail Security Low
CloudTrail Changes Alarm CloudWatchLogs Security Medium
EC2 Instance Changes Alarm CloudWatchLogs Security Medium
EC2 Large Instance Changes Alarm CloudWatchLogs Security Medium
AWS Config Changes Alarm CloudWatchLogs Security Medium
AWS Config Enabled Config Security High
AWS Config Global Resources Config Security Medium
Config Delivery Failing Config Operational Excellence, Security Medium
VPC Flow Logs Enabled VPC Security Low
No. Control Priority Total counts 
AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING P1 
Rule Service Categories Risk level Counts 
APIs Detailed CloudWatch Metrics APIGateway Operational Excellence, Performance Efficiency Medium
. oud oo SE CloudFormation Security Medium Resolve... 
Notification 
le Sign-in Fail 
ae holies CloudWatchLogs Security Medium 
Alarm 
Authorization Failures Alarm CloudWatchLogs Security Medium Resolve... 
CloudTrail Changes Alarm CloudWatchLogs Security Medium 
h 
an a a CloudWatchLogs Security Medium 
Alarm 
Network ACL Changes Alarm  CloudWatchLogs Security Medium 
Internet Gateway Changes Alarm CloudWatchLogs Security Medium
VPC Changes Alarm CloudWatchLogs Security Medium 
EC2 Instance Changes Alarm  CloudWatchLogs Security Medium 
pd instance Changes CloudWatchLogs Security Medium 
IAM Policy Changes Alarm CloudWatchLogs Security
AWS Config Changes Alarm CloudWatchLogs Security 
S3 Bucket Changes Alarm CloudWatchLogs Security 
Route Table Changes Alarm CloudWatchLogs Security 
Root Account Usage Alarm CloudWatchLogs Security 
CMK Disabled or Scheduled for Deletion Alarm CloudWatchLogs Security
AWS Organizations Changes Alarm CloudWatchLogs Security
AW le Sign In With 
Reis ER Ee CloudWatchLogs Security 
MFA 
Operational 
Instance Level Events ued 
ee RDS Performance 
” p Efficiency, 
Reliability 
Operational 
l Excellence, 
S ed EE RDS Performance 
j P Efficiency, 
Reliability 
Operational 
Excellence, 
RDS Event Notifications RDS Performance 
Efficiency, 
Reliability 
AWS SNS Appropriate 
Subscribers (Not Scored) “Ne sie 
No. Control 
AU-7 AUDIT REDUCTION AND REPORT GENERATION 
Rule Service Categories 
CloudTrail Enabled CloudTrail Security 
CloudTrail Global Services Enabled CloudTrail Security
CloudTrail Global Services Logging Duplicated CloudTrail Security
High


Medium 


Medium 


Medium 


High 


Medium 


Medium 


Medium 


Low 


Low 


Low 


Medium 


Risk level 


High 


High 


Medium 


SUCCESS: 1 


SUCCESS: 1 


SUCCESS: 1 


SUCCESS: 1 


SUCCESS: 1 


SUCCESS: 1 


FAILURE: 1 


FAILURE: 1 


FAILURE: 18 


FAILURE: 18 


FAILURE: 18 


SUCCESS: 34 


Priority 


Counts 


SUCCESS: 18 





SUCCESS: 1 


SUCCESS: 1 




Total counts 


FAILURE: 36 


SUCCESS: 111 
CloudTrail Log File Integrity Validation CloudTrail Security Medium
CloudTrail Logs Encrypted CloudTrail Security Medium
CloudTrail Integrated With CloudWatch CloudTrail Security Medium
CloudTrail Management Events CloudTrail Security Medium
CloudTrail Delivery Failing CloudTrail Operational Excellence, Security Medium
CloudTrail Data Events CloudTrail Security Low
AWS CloudWatch Events In Use CloudWatchEvents Cost Optimisation, Operational Excellence, Performance Efficiency, Reliability, Security Medium
CloudTrail Changes Alarm CloudWatchLogs Security Medium
Sign-In Events (Not Scored) IAM Security Low
No. Control Priority Total counts 
FAILURE: 36 
AU-8 TIME STAMPS P1
SUCCESS: 93 
Rule Service Categories Risk level Counts 
CloudTrail Enabled CloudTrail Security High
CloudTrail Global Services Enabled CloudTrail Security High
CloudTrail Global Services Logging Duplicated CloudTrail Security Medium
CloudTrail Log File Integrity Validation CloudTrail Security Medium
CloudTrail Logs Encrypted CloudTrail Security Medium
CloudTrail Integrated With CloudWatch CloudTrail Security Medium
CloudTrail Management Events CloudTrail Security Medium
CloudTrail Delivery Failing


CloudTrail Data Events 


CloudTrail Changes Alarm 


No. Control 


AU-9 


Rule 
Event Bus Exposed 


Elasticsearch Domain 
Exposed 


SNS Topic Exposed 
SNS Topic Accessible For 


Subscription 


No. Control 


AU-10 


Rule 


APIs CloudWatch Logs 


CloudFront Logging Enabled 


CloudTrail Enabled 


CloudTrail Global Services 
Enabled 


CloudTrail Global Services 
Logging Duplicated 


CloudTrail Logs Encrypted 


CloudTrail Integrated With 
CloudWatch 
NON-REPUDIATION


CloudTrail 


CloudTrail 


CloudWatchLogs 


PROTECTION OF AUDIT INFORMATION 


Service 


CloudWatchEvents 


Elasticsearch 


SNS 


SNS 


Service 


APIGateway


CloudFront 


CloudTrail 


CloudTrail 


CloudTrail 


CloudTrail 


CloudTrail 


Operational 
Excellence, 
Security 


Security 


Security 


Categories 


Security 


Security 


Security 


Security 


Categories 


Operational 
Excellence, 
Performance 
Efficiency 


Security 


Security 


Security 


Security 


Security 


Security 


Medium 


Low 


Medium 


Risk level 


High 


High 


High 


Medium 


Risk level 


Medium 


Medium 


High 


High 


Medium 


Medium 


Medium 


SUCCESS: 18 


FAILURE: 18 


SUCCESS: 1 


Priority 


Counts 


FAILURE: 18 
SUCCESS: 2 
SUCCESS: 36 


SUCCESS: 36 


Priority 


Counts 


FAILURE: 45 


SUCCESS: 1 








SUCCESS: 4 


SUCCESS: 18 


SUCCESS: 1 


SUCCESS: 1 


FAILURE: 18 


SUCCESS: 18 




Total counts 


FAILURE: 18 


SUCCESS: 74 


Uv 
ss 




Total counts 


FAILURE: 81 


SUCCESS: 115 







CloudTrail Management 


CloudTrail 

Events 
CloudTrail Delivery Failing CloudTrail 
CloudTrail Data Events CloudTrail 
CloudTrail Changes Alarm CloudWatchLogs 
Config Delivery Failing Config 
Sign-In Events (Not Scored) IAM 

No. Control 

AU-11 AUDIT RECORD RETENTION 
Rule Service 
CloudFront Logging Enabled CloudFront 
CloudTrail Integrated With CloudTrail 


CloudWatch 


AWS Elasticsearch Slow Logs 


S3 Bucket Logging Enabled 


VPC Flow Logs Enabled 


No. Control 


AU-12 AUDIT GENERATION 


Rule 


No rule to display 


No. Control 


Elasticsearch 


S3


VPC 


Service 


Security 


Operational 
Excellence, 


Security 


Security 


Security 


Operational 
Excellence, 


Security 


Security 


Categories 


Security 


Security 


Operational 
Excellence, 
Performance 
Efficiency 


Security 


Security 


Categories 


AU-13 MONITORING FOR INFORMATION DISCLOSURE 
Medium


Medium 


Low 


Medium 


Medium 


Low 


Risk level 


Medium 


Medium 


Medium 


Medium 


Low 


Risk level 


FAILURE: 18 Resolve... 


Priority Total counts 


FAILURE: 75 


— 


3 





SUCCESS: 23 


Counts 





FAILURE: 55 Resolve... 




FAILURE: 2 Resolve... 


Priority Total counts 
P1 0
Counts
Priority Total counts
P0 0
Rule


No rule to display 


No. Control 
AU-14 SESSION AUDIT 
Rule 


APIs CloudWatch Logs 


CloudTrail Enabled 


No. Control 


AU-15 


Rule 


APIs CloudWatch Logs 


CloudFront Logging Enabled 


VPC Flow Logs Enabled 


No. Control 


AU-16 


Rule 


AWS Organizations Changes 
Alarm 


AWS Multi-Account 
Centralized Management (Not 
Scored) 


AWS Organizations In Use 
Service


Service 


APIGateway 


CloudTrail 


ALTERNATE AUDIT CAPABILITY 


Service 


APIGateway 


CloudFront 


VPC 


CROSS-ORGANIZATIONAL AUDITING 


Service 


CloudWatchLogs 


IAM 


Organizations 


Categories 


Categories 
Operational 
Excellence, 
Performance 


Efficiency 


Security 


Categories 


Operational 
Excellence, 
Performance 
Efficiency 


Security 


Security 


Categories 


Security 


Security 


Security 


Risk level 


Risk level 


Risk level 


Medium 


Medium 


Low 


Risk level 


Medium 


High 


Medium 


Counts 
Priority Total counts 
FAILURE: 45 
P0
SUCCESS: 19 
Counts 
FAILURE: 45 
SUCCESS: 1 
SUCCESS: 18 








Priority Total counts 
FAILURE: 63 
P0
SUCCESS: 6 
Counts 







Priority Total counts 
P0
SUCCESS: 3 
Counts 
FAILURE: 1 Resolve... 


SUCCESS: 1 


SUCCESS: 1 
Enable All Features Organizations Security Medium SUCCESS: 1


Security Assessment and Authorization 


No. Control Priority Total counts 


CA-1 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES
SUCCESS: 771
Rule Service Categories Risk level Counts 
Cloud Conformity Custom Policy Version CloudConformity Operational Excellence High
CloudFront In Use CloudFront Security Medium
CloudFront Security Policy CloudFront Security Medium
Password Policy Minimum Length IAM Security Medium
Password Policy Present IAM Security High
Password Policy Lowercase IAM Security Medium
Password Policy Uppercase IAM Security Medium
Password Policy Number IAM Security Medium
Password Policy Symbol IAM Security Medium
Password Policy Expiration IAM Security Medium
Password Policy Reuse Prevention IAM Security Medium
IAM Users Unauthorized to Edit Access Policies IAM Security High
IAM Policies With Full Administrative Privileges IAM Security High

es Ee LAM Security Medium Resolve... 
Lambda Cross Account Access Lambda Security Medium
S3 Bucket MFA Delete Enabled S3 Security Low




S3 Bucket Public Access Via Policy S3 Security Very High FAILURE: 5 SUCCESS: 50
S3 Cross Account Access S3 Security High SUCCESS: 13
No. Control Priority Total counts 
CA-2 SECURITY ASSESSMENTS P2
Rule Service Categories Risk level Counts
Cloud Conformity Custom Policy Version CloudConformity Operational Excellence High
No. Control Priority Total counts 


SUCCESS: 488 


CA-3 SYSTEM INTERCONNECTIONS P1


Rule Service Categories Risk level Counts 

Unrestricted SSH Access EC2 Security Medium SUCCESS: 23
Unrestricted RDP Access EC2 Security Extreme SUCCESS: 23
Unrestricted MySQL Access EC2 Security Medium SUCCESS: 23
ene is Gie EC2 Security Medium SUCCESS: 23 
Unrestricted DNS Access EC2 Security High SUCCESS: 23
Unrestricted MsSQL Access EC2 Security Medium SUCCESS: 23
Default Security Group Unrestricted EC2 Security Low FAILURE: 19
Unrestricted Security Group Egress EC2 Security Medium FAILURE: 23
Unrestricted Security Group Ingress EC2 Security Medium SUCCESS: 23

Unrestricted Telnet Access EC2 Security Medium SUCCESS: 23 
Unrestricted SMTP Access EC2 Security Medium SUCCESS: 23 
Unrestricted RPC Access EC2 Security Medium SUCCESS: 23 
Unrestricted NetBIOS Access EC2 Security Medium SUCCESS: 23 
Unrestricted FTP Access EC2 Security Medium SUCCESS: 23
Unrestricted CIFS Access EC2 Security Medium SUCCESS: 23
Unrestricted ICMP Access EC2 Security Medium SUCCESS: 23
Unrestricted MongoDB Access EC2 Security Medium SUCCESS: 23
Unrestricted Elasticsearch Access EC2 Security Medium SUCCESS: 23
Unrestricted HTTP Access EC2 Security Medium SUCCESS: 23
Unrestricted HTTPS Access EC2 Security Medium SUCCESS: 23
Enable All Features Organizations Security Medium SUCCESS: 1
Unrestricted DB Security Group RDS Security Medium SUCCESS: 18
S3 Bucket Public 'FULL_CONTROL' Access S3 Security Very High SUCCESS: 55


No. Control Priority Total counts 
CA-4 SECURITY CERTIFICATION 0 
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
CA-5 PLAN OF ACTION AND MILESTONES P3 0 
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
CA-6 SECURITY AUTHORIZATION P2 
Rule Service Categories Risk level Counts 


Support Role IAM Security High 


No. Control Priority Total counts 
CA-7 CONTINUOUS MONITORING
Rule Service
APIs Detailed CloudWatch Metrics APIGateway
Cloud Conformity Custom Policy Version CloudConformity
CloudTrail Enabled CloudTrail
CloudTrail Global Services Enabled CloudTrail
CloudTrail Management Events CloudTrail
CloudTrail Data Events CloudTrail
AWS Organizations Changes Alarm CloudWatchLogs
Kinesis Stream Shard Level Metrics Kinesis
No. Control 
CA-8 PENETRATION TESTING 

Rule Service 


No rule to display 


No. Control 
CA-9 INTERNAL SYSTEM CONNECTIONS 
Rule Service 


Elasticsearch Cross Account Access Elasticsearch


Valid IAM Identity Providers IAM 
Categories


Operational 
Excellence, 
Performance 
Efficiency 


Operational 
Excellence 


Security 


Security 


Security 


Security 


Security 


Cost 
Optimisation, 
Performance 
Efficiency, 
Reliability 


Categories 


Categories 


Security 


Security 


Risk level 


Medium 


High 


High 


High 


Medium 


Low 


Medium 


Low 


Risk level 


Risk level 


High 


High 


Counts 


FAILURE: 45 


SUCCESS: 1 


FAILURE: 1 


SUCCESS: 18 


SUCCESS: 1 


SUCCESS: 18 


FAILURE: 18 


FAILURE: 1 


FAILURE: 2 


Priority 


— 


2 


Counts 


Priority 


— 


Counts 


FAILURE: 1 


SUCCESS: 2 


FAILURE: 67 


SUCCESS: 38 




Total counts 


Total counts 


FAILURE: 3 


SUCCESS: 514 


MEE 


IAM Users Unauthorized to Edit Access Policies IAM Security High
Lambda Cross Account Access Lambda Security Medium SUCCESS: 458
S3 Cross Account Access S3 Security High SUCCESS: 13
SNS Cross Account Access SNS Security High
SQS Cross Account Access SQS Security High
Configuration Management 
No. Control Priority Total counts 
CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES P1 0 
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts 
FAILURE: 48 
CM-2 BASELINE CONFIGURATION P1
SUCCESS: 8 
Rule Service Categories Risk level Counts 
AWS CloudWatch Events In Use CloudWatchEvents Cost Optimisation, Operational Excellence, Performance Efficiency, Reliability, Security Medium
S3 Buckets Lifecycle oe. Ete 
. . sd Optimisation, Low Resolve... 
Configuration ; SUCCESS: 7 
Security 
No. Control Priority Total counts 
CM-3 CONFIGURATION CHANGE CONTROL P1 
Rule Service Categories Risk level Counts 
CloudTrail Changes Alarm CloudWatchLogs Security Medium SUCCESS: 1


EC2 Instance Changes Alarm  CloudWatchLogs Security Medium SUCCESS: 1 


EC2 L l h 
nal nstance Changes Elouise sees eu 


AWS Config Changes Alarm  CloudWatchLogs Security Medium SUCCESS: 1 


S3 Buckets with Website Configuration Enabled (Not Scored) S3 Security Medium SUCCESS: 6
No. Control Priority Total counts 
CM-4 SECURITY IMPACT ANALYSIS P2 0
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts 
CM-5 ACCESS RESTRICTIONS FOR CHANGE P1 
Rule Service Categories Risk level Counts 
IAM Users Unauthorized to Edit Access Policies IAM Security High
No. Control Priority Total counts 


v 


SUCCESS: 8 


Rule Service Categories Risk level Counts 

CloudTrail Changes Alarm CloudWatchLogs Security Medium 
j h 

ee Es CloudWatchLogs Security Medium 

Alarm 

Network ACL Changes Alarm CloudWatchLogs Security Medium 

| h 

RA nenase CloudWatchLogs Security Medium 

Alarm 

VPC Changes Alarm CloudWatchLogs Security Medium 

EC2 Instance Changes Alarm  CloudWatchLogs Security Medium 
EC2 Large Instance Changes Alarm CloudWatchLogs Security Medium SUCCESS: 1
AWS Config Changes Alarm CloudWatchLogs Security Medium
AWS Organizations Changes Alarm CloudWatchLogs Security Medium FAILURE: 1
No. Control Priority Total counts 
CM-7 LEAST FUNCTIONALITY P1 

Rule Service Categories Risk level Counts 

me G vile) APIGateway Security Medium Resolve... 

a EE We) CloudFront Security Medium 

Security Group Port Range EC2 Security High Resolve... 

Unrestricted SSH Access EC2 Security Medium

Unrestricted RDP Access EC2 Security Extreme 

Unrestricted Oracle Access EC2 Security Medium 

Unrestricted MySQL Access EC2 Security Medium 

MR EE EE Security Medium 

Unrestricted DNS Access EC2 Security High 

Unrestricted MsSQL Access EC2 Security Medium

Unrestricted Telnet Access EC2 Security Medium

Unrestricted SMTP Access EC2 Security Medium

Unrestricted RPC Access EC2 Security Medium

Unrestricted NetBIOS Access EC2 Security Medium

Unrestricted FTP Access EC2 Security Medium

Unrestricted CIFS Access EC2 Security Medium 
Unrestricted MongoDB Access EC2 Security Medium
Unrestricted Elasticsearch Access EC2 Security Medium
Unrestricted HTTP Access EC2 Security Medium
Unrestricted HTTPS Access EC2 Security Medium
Secure Transport S3 Security Medium
Unrestricted Network ACL Outbound Traffic VPC Security Medium
Unrestricted Network ACL Inbound Traffic VPC Security Medium
AWS Web Application Firewall In Use WAF Security Medium
No. Control Priority Total counts 
CM-8 INFORMATION SYSTEM COMPONENT INVENTORY P1 0 
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts 
CM-9 CONFIGURATION MANAGEMENT PLAN P1 0
Rule Service Categories Risk level Counts
No rule to display
No. Control Priority Total counts
CM-10 SOFTWARE USAGE RESTRICTIONS P2 0
Rule Service Categories Risk level Counts
No rule to display
No. Control Priority Total counts
CM-11 USER-INSTALLED SOFTWARE P1 0
Rule Service Categories Risk level Counts
No rule to display


Contingency Planning 


No. Control Priority Total counts 
CP-1 CONTINGENCY PLANNING POLICY AND PROCEDURES P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
CP-2 CONTINGENCY PLAN P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
CP-3 CONTINGENCY TRAINING P2 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
CP-4 CONTINGENCY PLAN TESTING P2 0 
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
CP-5 CONTINGENCY PLAN UPDATE 0 
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts
CP-6 ALTERNATE STORAGE SITE P1 FAILURE: 5 SUCCESS: 13
Rule Service Categories Risk level Counts
DynamoDB Continuous Backups DynamoDB Reliability High FAILURE: 5 SUCCESS: 13 Resolve...

No. Control Priority Total counts
CP-7 ALTERNATE PROCESSING SITE P1 SUCCESS: 7
Rule Service Categories Risk level Counts
Elasticsearch Zone Awareness Enabled Elasticsearch Reliability Medium FAILURE: 2 Resolve...
Queue Unprocessed Messages SQS Reliability Medium SUCCESS: 6
Managed NAT Gateway In Use VPC Performance Efficiency Medium SUCCESS: 1

No. Control Priority Total counts
CP-8 TELECOMMUNICATIONS SERVICES P1 0
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
CP-9 INFORMATION SYSTEM BACKUP P1 FAILURE: 5 SUCCESS: 13
Rule Service Categories Risk level Counts
DynamoDB Continuous Backups DynamoDB Reliability High FAILURE: 5 SUCCESS: 13 Resolve...

No. Control Priority Total counts
CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION P1 FAILURE: 5 SUCCESS: 13
Rule Service Categories Risk level Counts
DynamoDB Continuous Backups DynamoDB Reliability High FAILURE: 5 SUCCESS: 13 Resolve...

No. Control Priority Total counts
CP-11 ALTERNATE COMMUNICATIONS PROTOCOLS P0
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
CP-12 SAFE MODE P0
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
CP-13 ALTERNATIVE SECURITY MECHANISMS P0
Rule Service Categories Risk level Counts
No rule to display


Identification and Authentication


No. Control Priority Total counts
IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES P1 FAILURE: 8 SUCCESS: 239
Rule Service Categories Risk level Counts
AWS Multi-Account Centralized Management (Not Scored) IAM Security High
IAM Users Unauthorized to Edit Access Policies IAM Security High Resolve...
IAM Policies With Full Administrative Privileges IAM Security High
Support Role IAM Security High
IAM Role Policy Too Permissive IAM Security Medium Resolve...
No. Control Priority Total counts 
IA-2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) P1

Rule Service Categories Risk level Counts

Root MFA Enabled IAM Security High SUCCESS: 1
Valid IAM Identity Providers IAM Security High FAILURE: 1 Resolve...
IAM Users Unauthorized to Edit Access Policies IAM Security High FAILURE: 1 Resolve...
Hardware MFA for AWS Root Account IAM Security High SUCCESS: 1
Access Keys During Initial IAM User Setup (Not Scored) IAM Security Medium SUCCESS: 1
Cross-Account Access Lacks External ID and MFA IAM Security Medium FAILURE: 3 Resolve...
No. Control Priority Total counts
IA-3 DEVICE IDENTIFICATION AND AUTHENTICATION P1 SUCCESS: 466
Rule Service Categories Risk level Counts
perenne Degree at APIGateway Security Medium Resolve...
i pies eie yai CloudFront Security Medium
Unrestricted SSH Access EC2 Security Medium
Unrestricted RDP Access EC2 Security Extreme
Unrestricted Oracle Access EC2 Security Medium
Unrestricted MySQL Access EC2 Security Medium
oo ee EC2 Security Medium
Unrestricted DNS Access EC2 Security High
Unrestricted MsSQL Access EC2 Security Medium SUCCESS: 23
Default Security Group Unrestricted EC2 Security Low FAILURE: 19 Resolve...
Unrestricted Elasticsearch Access EC2 Security Medium SUCCESS: 23
Unrestricted HTTP Access EC2 Security Medium SUCCESS: 23
Unrestricted HTTPS Access EC2 Security Medium SUCCESS: 23
Elasticsearch Accessible Only From Whitelisted IP Addresses Elasticsearch Security High SUCCESS: 2
SecurityGroup RFC 1918 EC2 Security Medium
EE i EC2 Security Medium Resolve...
Egress
oni Security Group EC2 Security Medium
Unrestricted Telnet Access EC2 Security Medium
Unrestricted SMTP Access EC2 Security Medium
Unrestricted RPC Access EC2 Security Medium
Unrestricted NetBIOS Access EC2 Security Medium
Unrestricted FTP Access EC2 Security Medium
Unrestricted CIFS Access EC2 Security Medium
Unrestricted ICMP Access EC2 Security Medium
Unrestricted MongoDB Access EC2 Security Medium


No. Control Priority Total counts 
IA-4 IDENTIFIER MANAGEMENT P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts
IA-5 AUTHENTICATOR MANAGEMENT P1 FAILURE: 13 SUCCESS: 271
Rule Service Categories Risk level Counts
Password Policy Minimum Length IAM Security Medium SUCCESS: 1
Password Policy Present IAM Security High SUCCESS: 1
Password Policy Lowercase IAM Security Medium SUCCESS: 1
Password Policy Uppercase IAM Security Medium SUCCESS: 1
Password Policy Number IAM Security Medium SUCCESS: 1
Password Policy Symbol IAM Security Medium SUCCESS: 1
Password Policy Expiration IAM Security Medium SUCCESS: 1
Password Policy Reuse Prevention IAM Security Medium
Root MFA Enabled IAM Security High SUCCESS: 1
a Access Keys IAM Security High oe
IAM User Present IAM Security Medium FAILURE: 1 Resolve...
AWS Multi-Account Centralized Management (Not Scored) IAM Security High SUCCESS: 1
Account Alternate Contacts (Not Scored) IAM Security High SUCCESS: 1
Account Security Challenge Questions (Not Scored) IAM Security High SUCCESS: 1
Valid IAM Identity Providers IAM Security High FAILURE: 1 Resolve...
Root Account Usage IAM Security High SUCCESS: 1
IAM Users Unauthorized to Edit Access Policies IAM Security High FAILURE: 1 Resolve...
Hardware MFA for AWS Root Account IAM Security High SUCCESS: 1
Access Keys During Initial IAM User Setup (Not Scored) IAM Security Medium SUCCESS: 1
IAM Policies With Full Administrative Privileges IAM Security High SUCCESS: 4
IAM Role Policy Too Permissive IAM Security Medium FAILURE: 7 SUCCESS: 233 Resolve...
Cross-Account Access Lacks External ID and MFA IAM Security Medium FAILURE: 3 Resolve...
Sign-In Events (Not Scored) IAM Security Low SUCCESS: 17 
No. Control Priority Total counts 
IA-6 AUTHENTICATOR FEEDBACK P2 0 
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts 
IA-7 CRYPTOGRAPHIC MODULE AUTHENTICATION P1 0 
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts 
IA-8 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) P1
Rule Service Categories Risk level Counts 


Valid IAM Identity Providers IAM Security High Resolve... 


No. Control Priority Total counts 
IA-9 SERVICE IDENTIFICATION AND AUTHENTICATION P0

Rule Service Categories Risk level Counts 

GuardDuty Enabled GuardDuty Security Medium 

GuardDuty Findings GuardDuty Security Medium Resolve... 

Valid IAM Identity Providers IAM Security High Resolve... 
No. Control Priority Total counts 
IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATION P0 0
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
IA-11 RE-AUTHENTICATION P0
Rule Service Categories Risk level Counts
No rule to display


Incident Response


No. Control Priority Total counts
IR-1 INCIDENT RESPONSE POLICY AND PROCEDURES P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
IR-2 INCIDENT RESPONSE TRAINING P2
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
IR-3 INCIDENT RESPONSE TESTING P2
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
IR-4 INCIDENT HANDLING P1 FAILURE: 304 SUCCESS: 103
Rule Service Categories Risk level Counts
APIs CloudWatch Logs APIGateway Operational Excellence, Performance Efficiency Medium Resolve...
APIs Detailed CloudWatch Metrics APIGateway Operational Excellence, Performance Efficiency Medium Resolve...
Tracing Enabled APIGateway Operational Excellence Low Resolve...
API Gateway Integrated With AWS WAF APIGateway Security Medium FAILURE: 46 Resolve...
CloudTrail Enabled CloudTrail Security High
CloudTrail Management Events CloudTrail Security Medium
CloudTrail Delivery Failing CloudTrail Operational Excellence, Security Medium
CloudTrail Data Events CloudTrail Security Low Resolve...
Authorization Failures Alarm CloudWatchLogs Security Medium Resolve...
CloudTrail Changes Alarm CloudWatchLogs Security Medium
Network ACL Changes Alarm CloudWatchLogs Security Medium
AWS Config Changes Alarm CloudWatchLogs Security Medium
AWS Config Enabled Config Security High
AWS Config Global Resources Config Security Medium
Support Role IAM Security High
Sign-In Events (Not Scored) IAM Security Low
S3 Bucket Logging Enabled S3 Security Medium Resolve...
S3 Buckets Lifecycle Configuration S3 Cost Optimisation, Security Low FAILURE: 48 Resolve...
No. Control Priority Total counts
IR-5 INCIDENT MONITORING P1 FAILURE: 304 SUCCESS: 103
Rule Service Categories Risk level Counts
APIs CloudWatch Logs APIGateway Operational Excellence, Performance Efficiency Medium Resolve...
APIs Detailed CloudWatch Metrics APIGateway Operational Excellence, Performance Efficiency Medium Resolve...
Tracing Enabled APIGateway Operational Excellence Low Resolve...
API Gateway Integrated With AWS WAF APIGateway Security Medium FAILURE: 46 Resolve...
CloudTrail Enabled CloudTrail Security High
CloudTrail Management Events CloudTrail Security Medium
CloudTrail Delivery Failing CloudTrail Operational Excellence, Security Medium
CloudTrail Data Events CloudTrail Security Low Resolve...
Authorization Failures Alarm CloudWatchLogs Security Medium Resolve...
CloudTrail Changes Alarm CloudWatchLogs Security Medium
Network ACL Changes Alarm CloudWatchLogs Security Medium
AWS Config Changes Alarm CloudWatchLogs Security Medium
AWS Config Enabled Config Security High
AWS Config Global Resources Config Security Medium
Support Role IAM Security High
Sign-In Events (Not Scored) IAM Security Low
S3 Bucket Logging Enabled S3 Security Medium Resolve...
S3 Buckets Lifecycle Configuration S3 Cost Optimisation, Security Low Resolve...
No. Control Priority Total counts
IR-6 INCIDENT REPORTING P1
Rule Service Categories Risk level Counts
Support Role IAM Security High
Tracing Enabled Lambda Operational Excellence Medium Resolve...
No. Control Priority Total counts 
IR-7 INCIDENT RESPONSE ASSISTANCE P2 
Rule Service Categories Risk level Counts 


Support Role IAM Security High 


No. Control Priority Total counts 
IR-8 INCIDENT RESPONSE PLAN P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
IR-9 INFORMATION SPILLAGE RESPONSE P0 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM P0 0
Rule Service Categories Risk level Counts 


No rule to display 


Maintenance 


No. Control Priority Total counts
MA-1 SYSTEM MAINTENANCE POLICY AND PROCEDURES P1 0
Rule Service Categories Risk level Counts
No rule to display
No. Control Priority Total counts
MA-2 CONTROLLED MAINTENANCE P2 FAILURE: 161 SUCCESS: 443
Rule Service Categories Risk level Counts
Cloud Conformity Custom Policy Version CloudConformity Operational Excellence High FAILURE: 1 Resolve...
CloudFront Compress Objects Automatically CloudFront Cost Optimisation, Performance Efficiency
CloudFormation Stack Policy CloudFormation Security Medium Resolve...
Support Role IAM Security High
Lambda Runtime Environment Version Lambda Reliability, Security Medium
No. Control Priority Total counts
MA-3 MAINTENANCE TOOLS P3 SUCCESS: 442
Rule Service Categories Risk level Counts
Cloud Conformity Custom Policy Version CloudConformity Operational Excellence High Resolve...
CloudFront Compress Objects Automatically CloudFront Cost Optimisation, Performance Efficiency
Lambda Runtime Environment Version Lambda Reliability, Security Medium
No. Control Priority Total counts 
MA-4 NONLOCAL MAINTENANCE P2
Rule Service Categories Risk level Counts
Cloud Conformity Custom Policy Version CloudConformity Operational Excellence High Resolve...
No. Control Priority Total counts
MA-5 MAINTENANCE PERSONNEL P2
Rule Service Categories Risk level Counts
Cloud Conformity Custom Policy Version CloudConformity Operational Excellence High Resolve...
No. Control Priority Total counts
MA-6 TIMELY MAINTENANCE P2 FAILURE: 2 SUCCESS: 1
Rule Service Categories Risk level Counts
Elasticsearch Zone Awareness Enabled Elasticsearch Reliability Medium Resolve...
Managed NAT Gateway In Use VPC Performance Efficiency Medium
Media Protection 
No. Control Priority Total counts 
MP-1 MEDIA PROTECTION POLICY AND PROCEDURES P1 0
Rule Service Categories Risk level Counts
No rule to display
No. Control Priority Total counts
MP-2 MEDIA ACCESS P1 0
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts
MP-3 MEDIA MARKING P2
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
MP-4 MEDIA STORAGE P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
MP-5 MEDIA TRANSPORT P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
MP-6 MEDIA SANITIZATION P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
MP-7 MEDIA USE P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
MP-8 MEDIA DOWNGRADING P0
Rule Service Categories Risk level Counts
No rule to display

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Physical and Environmental Protection 


No. Control Priority Total counts
PE-1 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-2 PHYSICAL ACCESS AUTHORIZATIONS P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-3 PHYSICAL ACCESS CONTROL P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-4 ACCESS CONTROL FOR TRANSMISSION MEDIUM P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-5 ACCESS CONTROL FOR OUTPUT DEVICES P2
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-6 MONITORING PHYSICAL ACCESS P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-7 VISITOR CONTROL
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-8 VISITOR ACCESS RECORDS P3
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-9 POWER EQUIPMENT AND CABLING P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-10 EMERGENCY SHUTOFF P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-11 EMERGENCY POWER P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-12 EMERGENCY LIGHTING P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-13 FIRE PROTECTION P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-14 TEMPERATURE AND HUMIDITY CONTROLS P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-15 WATER DAMAGE PROTECTION P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-16 DELIVERY AND REMOVAL P2
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-17 ALTERNATE WORK SITE P2
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PE-18 LOCATION OF INFORMATION SYSTEM COMPONENTS P3
Rule Service Categories Risk level Counts


No rule to display 


No. Control Priority Total counts 
PE-19 INFORMATION LEAKAGE P0 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
PE-20 ASSET MONITORING AND TRACKING P0 0
Rule Service Categories Risk level Counts 


No rule to display 


Planning 
No. Control Priority Total counts 
PL-1 SECURITY PLANNING POLICY AND PROCEDURES P1 0

Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
PL-2 SYSTEM SECURITY PLAN P1 0 
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
PL-3 SYSTEM SECURITY PLAN UPDATE 0
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PL-4 RULES OF BEHAVIOR P2
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PL-5 PRIVACY IMPACT ASSESSMENT
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PL-6 SECURITY-RELATED ACTIVITY PLANNING
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PL-7 SECURITY CONCEPT OF OPERATIONS P0
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PL-8 INFORMATION SECURITY ARCHITECTURE P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PL-9 CENTRAL MANAGEMENT P0 FAILURE: 1
Rule Service Categories Risk level Counts
Cloud Conformity Custom Policy Version CloudConformity Operational Excellence High FAILURE: 1 Resolve...

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Personnel Security 


No. Control Priority Total counts
PS-1 PERSONNEL SECURITY POLICY AND PROCEDURES P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PS-2 POSITION RISK DESIGNATION P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PS-3 PERSONNEL SCREENING P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PS-4 PERSONNEL TERMINATION P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PS-5 PERSONNEL TRANSFER P2
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
PS-6 ACCESS AGREEMENTS P3
Rule Service Categories Risk level Counts
No rule to display


No. Control Priority Total counts 
PS-7 THIRD-PARTY PERSONNEL SECURITY P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
PS-8 PERSONNEL SANCTIONS P3 0
Rule Service Categories Risk level Counts 


No rule to display 


Risk Assessment 


No. Control Priority Total counts 
RA-1 RISK ASSESSMENT POLICY AND PROCEDURES P1 0 
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
RA-2 SECURITY CATEGORIZATION P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
RA-3 RISK ASSESSMENT P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts
RA-4 RISK ASSESSMENT UPDATE 0


Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
RA-5 VULNERABILITY SCANNING P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
RA-6 TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY P0 0
Rule Service Categories Risk level Counts 


No rule to display 


System and Services Acquisition 


No. Control Priority Total counts 
SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SA-2 ALLOCATION OF RESOURCES P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SA-3 SYSTEM DEVELOPMENT LIFE CYCLE P1 0
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-4 ACQUISITION PROCESS P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-5 INFORMATION SYSTEM DOCUMENTATION P2
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-6 SOFTWARE USAGE RESTRICTIONS
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-7 USER-INSTALLED SOFTWARE
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-8 SECURITY ENGINEERING PRINCIPLES P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-9 EXTERNAL INFORMATION SYSTEM SERVICES P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-10 DEVELOPER CONFIGURATION MANAGEMENT P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-11 DEVELOPER SECURITY TESTING AND EVALUATION P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-12 SUPPLY CHAIN PROTECTION P1
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-13 TRUSTWORTHINESS P0
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-14 CRITICALITY ANALYSIS P0
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS P2
Rule Service Categories Risk level Counts
No rule to display


No. Control Priority Total counts 
SA-16 DEVELOPER-PROVIDED TRAINING P2 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SA-18 TAMPER RESISTANCE AND DETECTION P0

Rule Service Categories Risk level Counts

CloudFront Traffic To Origin Unencrypted CloudFront Security Medium
ER MERE Ge Security Medium SUCCESS: 4
Policy
FieldLevel Encryption CloudFront Security Medium FAILURE: 4 Resolve...
CloudTrail Logs Encrypted CloudTrail Security Medium FAILURE: 18 Resolve...
AWS KMS Customer Master Keys for Table Encryption DynamoDB Security High FAILURE: 18 Resolve...
Encryption At Rest Elasticsearch Security High FAILURE: 2 Resolve...
ElasticSearch Node To Node Encryption Elasticsearch Security High FAILURE: 2 Resolve...
Firehose Deli
a EG eas Firehose Security High FAILURE: 1 Resolve...
Encryption
KMS Customer Master Key (CMK) In Use KMS Security Medium SUCCESS: 1
Kinesis Server Side Encryption Kinesis Security High SUCCESS: 2
Kinesis Stream Encrypted With CMK Kinesis Security High FAILURE: 2 Resolve...
Server Side Encryption S3 Security Medium Resolve...
S3 Bucket Default Encryption S3 Security High Resolve...
SNS Topic Encrypted SNS Security High Resolve...
SNS Topic Encrypted With KMS Customer Master Keys SNS Security High Resolve...
Queue Server Side Encryption SQS Security High
SQS Encrypted With KMS Customer Master Keys SQS Security High Resolve...
SSM Parameter Encryption SSM Security Medium Resolve...
No. Control Priority Total counts 
SA-19 COMPONENT AUTHENTICITY P0 0
Rule Service Categories Risk level Counts
No rule to display
No. Control Priority Total counts
SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS P0 0
Rule Service Categories Risk level Counts
No rule to display
No. Control Priority Total counts
SA-21 DEVELOPER SCREENING P0 0
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts
SA-22 UNSUPPORTED SYSTEM COMPONENTS
Rule Service Categories Risk level Counts
No rule to display


System and Communications Protection


No. Control Priority Total counts
SC-1 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES P1 0
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SC-2 APPLICATION PARTITIONING P1
Rule Service Categories Risk level Counts
IAM Policies With Full Administrative Privileges IAM Security

No. Control Priority Total counts
SC-3 SECURITY FUNCTION ISOLATION P1 FAILURE: 88 SUCCESS: 21
Rule Service Categories Risk level Counts
Private Endpoint APIGateway Security Medium Resolve...
AWS Multi-Account Centralized Management (Not Scored) IAM Security High
Amazon Macie In Use (Not Scored) Macie Security Medium
Unrestricted DB Security Group RDS Security Medium
Unrestricted Network ACL Outbound Traffic VPC Security Medium Resolve...


Unrestricted Network ACL Inbound Traffic VPC Security Medium FAILURE: 21 Resolve...
AWS Web Application Firewall In Use WAF Security Medium SUCCESS: 1

No. Control Priority Total counts
SC-4 INFORMATION IN SHARED RESOURCES P1 0
Rule Service Categories Risk level Counts
No rule to display

No. Control Priority Total counts
SC-5 DENIAL OF SERVICE PROTECTION P1 FAILURE: 47 SUCCESS: 5
Rule Service Categories Risk level Counts
API Gateway Integrated With AWS WAF APIGateway Security Medium Resolve...
CloudFront Integrated With WAF CloudFront Security Medium
Shield Advanced In Use Shield Security Medium
AWS Web Application Firewall In Use WAF Security Medium

No. Control Priority Total counts
SC-6 RESOURCE AVAILABILITY P0 FAILURE: 6 SUCCESS: 6
Rule Service Categories Risk level Counts
Queue Unprocessed Messages SQS Reliability Medium SUCCESS: 6
SQS Dead Letter Queue SQS Operational Excellence, Reliability Low FAILURE: 6 Resolve...

No. Control Priority Total counts
SC-7 BOUNDARY PROTECTION P1 FAILURE: 123 SUCCESS: 926
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Rule Service Categories Risk level Counts 


Private Endpoint APIGateway Security Medium Resolve... 
nas ean CloudFront Security Medium 
i cio sue CloudWatchEvents Security High EE Resolve... 
Unrestricted SSH Access EG2 Security Medium 
Unrestricted RDP Access EC2 Security Extreme 
Unrestricted Oracle Access EC? Security Medium 
Unrestricted MySQL Access EC? Security Medium 
ed Ee EC2 Security Medium 
Unrestricted DNS Access EC2 Security High 
Unrestricted MsSOL Access  EC2 Security Medium 
eee er raap EC2 Security Low Resolve... 
Unrestricted Telnet Access EC2 Security Medium 
Unrestricted SMTP Access EG Security Medium 
Unrestricted RPC Access EC2 Security Medium 
Unrestricted NetBIOS Access EC2 Security Medium 
Unrestricted FTP Access EC2 Security Medium 
Unrestricted CIFS Access EG? Security Medium 
Unrestricted ICMP Access EC2 Security Medium 
i mone EC? Security Medium 
rai Elasticsearch EC? N Medium 
Unrestricted HTTP Access EG2 Security Medium 
Unrestricted HTTPS Access PC? Security Medium 
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Elasticsearch Cross Account 


Elasticsearch Security High SUCCESS: 2 
Access 


Lambda Cross Account 


Lambda Security Medium SUCCESS: 458 
Access 


Unrestricted DB Security 


RDS Security Medium SUCCESS: 18 
Group 


Unrestricted Network ACL
Outbound Traffic


VPC Security Medium FAILURE: 21 Resolve...


Unrestricted Network ACL 
Inbound Traffic 


VPC Security Medium FAILURE: 21 Resolve... 


No. Control Priority Total counts 


SUCCESS: 16 


SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY P1


Rule Service Categories Risk level Counts 
| F Vi P | 
loos EE meee CloudFront Security Medium 
Policy 
Firehose Delivery Stream Encryption Firehose Security High Resolve...
Kinesis Server Side Encryption Kinesis Security High
Kinesis Stream Encrypted With CMK Kinesis Security High Resolve...
Amazon Macie In Use (Not Scored) Macie Security Medium
Secure Transport S3 Security Medium Resolve...
SQS Encrypted With KMS Customer Master Keys SQS Security High Resolve...
No. Control Priority Total counts 
SC-9 TRANSMISSION CONFIDENTIALITY 0 
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts 
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SC-10 NETWORK DISCONNECT 
Rule Service Categories 
Unassociated Elastic IP Addresses EC2 Cost Optimisation
Unused Elastic Network Interfaces EC2 Performance Efficiency
No. Control 
SC-11 TRUSTED PATH 
Rule Service Categories 
Valid IAM Identity Providers IAM Security 


No. Control 


SC-12 


Rule Service Categories 
KMS Customer Master Key (CMK) In Use KMS Security
Key Rotation Enabled KMS Security
Unused Customer Master Key KMS Cost Optimisation
KMS Customer Master Key eee 
Pending Deletion ae ene 
Key Exposed KMS Security 
KMS Cross Account Access KMS Security 
No. Control 
SC-13 CRYPTOGRAPHIC PROTECTION 
Rule Service Categories 
CloudFront Traffic To Origin CloudFront daai 


Unencrypted 
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Risk level 


Low 


Low 


Risk level 


High 


CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT 


Risk level 


Medium 


Medium 


Low 


Medium 


High 


High 


Risk level 


Medium 


P2 SUCCESS: 6


Counts 


SUCCESS: 2 


SUCCESS: 4 


Priority Total counts 
ro 
Counts 


FAILURE: 1 


Resolve... 












Priority Total counts 
FAILURE: 1 
P1 
SUCCESS: 65 
Counts 
SUCCESS: 1 
FAILURE: 1 
Resolve... 
SUCCESS: 12 
SUCCESS: 13 
SUCCESS: 13 
SUCCESS: 13 
SUCCESS: 13 
Priority Total counts 
FAILURE: 87 
P1 
SUCCESS: 55 
Counts 


SUCCESS: 32 
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CloudTrail Logs Encrypted CloudTrail Security Medium FAILURE: 18 Resolve... 


AWS KMS Customer Master Keys for Table Encryption DynamoDB Security High FAILURE: 18 Resolve...
Encryption At Rest Elasticsearch Security High FAILURE: 2 Resolve...
Firehose Delivery Stream Encryption Firehose Security High Resolve...
Kinesis Stream Encrypted With CMK Kinesis Security High Resolve...
SNS Topic Encrypted SNS Security High Resolve...
SNS Topic Encrypted With KMS Customer Master Keys SNS Security High Resolve...
SQS Encrypted With KMS Customer Master Keys SQS Security High Resolve...
SSM Parameter Encryption SSM Security Medium Resolve...
No. Control Priority Total counts 
SC-14 PUBLIC ACCESS PROTECTIONS 0 
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts 
SC-15 COLLABORATIVE COMPUTING DEVICES P1 0
Rule Service Categories Risk level Counts 
No rule to display 
No. Control Priority Total counts 
SC-16 TRANSMISSION OF SECURITY ATTRIBUTES P0
Rule Service Categories Risk level Counts 
CloudFront Traffic To Origin CloudFront dei Medium 
Unencrypted 
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Firehose Delivery Stream 


Firehose Security 
Encryption 
Kinesis Server Side Encryption Kinesis Security 
Kinesis Stream Encrypted With _. . 
CMK Kinesis Security 
Secure Transport S3 Security 
No. Control 
SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES 
Rule Service Categories 
ACM Certificate Expired ACM Operational Excellence, Security
AWS ACM Certificates Validity ACM Operational Excellence, Security
Client Certificate APIGateway Security 
No. Control 
SC-18 MOBILE CODE 
Rule Service Categories 
No rule to display 
No. Control 
SC-19 VOICE OVER INTERNET PROTOCOL 
Rule Service Categories 


No rule to display 


High 


High 


High 


Medium 


Risk level 


High 


Risk level 


Risk level 


No. Control
SC-20 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)
Rule 
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Service 


Categories 


Risk level 





Priority 


P1 


Counts 





Priority 


P2 


Counts 


Priority 


P1 


Counts 


Priority 


P1 


Counts 


Resolve... 


Resolve... 


Resolve... 


Total counts 


FAILURE: 48 


SUCCESS: 4 





Resolve... 


Resolve... 


Total counts 


Total counts 


Total counts 
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No rule to display 


No. Control
SC-21 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)
Rule Service Categories Risk level 
Route 53 In Use Route53 Reliability Medium 


No. Control
SC-22 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE
Rule Service Categories Risk level 
Route 53 In Use Route53 Reliability Medium 
No. Control 
SC-23 SESSION AUTHENTICITY 
Rule Service Categories Risk level 
ACM Certificate Expired ACM Operational Excellence, Security High
Client Certificate APIGateway Security Medium 
loudFront | igi 
Ee EE n CloudFront Security Medium 
SSL Protocols 
Secure Transport S3 Security Medium 
No. Control 
SC-24 FAIL IN KNOWN STATE 
Rule Service Categories Risk level 
ElasticSearch ClusterStatus Elasticsearch Performance Efficiency High
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Priority Total counts 
: 
Counts 


FAILURE: 1 


Resolve... 


Priority Total counts 
: 
Counts 


FAILURE: 1 


Resolve... 


Priority Total counts 
FAILURE: 95 
P1 
SUCCESS: 45 
Counts 
FAILURE: 2 
Resolve... 
SUCCESS: 1 
FAILURE: 46 Resolve... 
FAILURE: 1 
Resolve... 
SUCCESS: 35 
FAILURE: 46 
Resolve... 
SUCCESS: 9 








Priority Total counts 
P 
Counts 


SUCCESS: 2 
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No. Control 

SC-25 THIN NODES 
Rule Service Categories 
No rule to display 

No. Control 

SC-26 HONEYPOTS 
Rule Service Categories 
No rule to display 

No. Control 

SC-27 PLATFORM-INDEPENDENT APPLICATIONS 
Rule Service Categories 
No rule to display 

No. Control 

SC-28 PROTECTION OF INFORMATION AT REST 
Rule Service Categories 
CloudTrail Logs Encrypted CloudTrail Security 
Encryption At Rest Elasticsearch Security 
S3 Bucket Versioning Enabled S3 Reliability 
S3 Bucket MFA Delete Enabled S3 Security
S3 Object Lock S3 Security 

No. Control 

SC-29 HETEROGENEITY 
Rule Service Categories 
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Risk level 


Risk level 


Risk level 


Risk level 


Medium 


High 


Low 


Low 


Low 


Risk level 


Priority 


P0


Counts 


Priority 


P0


Counts 


Priority 


P0


Counts 


Priority 


P1 


Total counts 


Total counts 


Total counts 


Total counts 


FAILURE: 184 


SUCCESS: 1 


Counts 


Priority 


P0


Counts 


Resolve... 


Resolve... 


Resolve... 


Resolve... 


Resolve... 


Total counts 
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No rule to display 


No. Control 
SC-30 CONCEALMENT AND MISDIRECTION 
Rule Service Categories 


No rule to display 


No. Control 
SC-31 COVERT CHANNEL ANALYSIS 
Rule Service Categories 


No rule to display 


No. Control 

SC-32 INFORMATION SYSTEM PARTITIONING 
Rule Service Categories 
Private Endpoint APIGateway Security 
Unrestricted DB Security Group RDS Security

No. Control 

SC-33 TRANSMISSION PREPARATION INTEGRITY 
Rule Service Categories 
No rule to display 

No. Control 

SC-34 NON-MODIFIABLE EXECUTABLE PROGRAMS 
Rule Service Categories 


No rule to display 


No. Control 
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Risk level 


Risk level 


Risk level 


Medium 


Medium 


Risk level 


Risk level 


Priority 
P0


Counts 


Priority 


P0


Counts 


Priority 


Total counts 


Total counts 


Total counts 


FAILURE: 46 


SUCCESS: 18 




Counts 


FAILURE: 46 
SUCCESS: 18 


Priority 


Counts 


Priority 


P0


Counts 


Priority 


Resolve... 


Total counts 


Total counts 


Total counts 
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SC-35 HONEYCLIENTS 


Rule Service Categories 


No rule to display 


No. Control 
SC-36 DISTRIBUTED PROCESSING AND STORAGE 
Rule Service Categories 
CloudFront In Use CloudFront Security 
Elasticsearch Zone Awareness Enabled Elasticsearch Reliability
Managed NAT Gateway In Use VPC Performance Efficiency
No. Control 
SC-37 OUT-OF-BAND CHANNELS 
Rule Service Categories 
No rule to display 
No. Control 
SC-38 OPERATIONS SECURITY 
Rule Service Categories 
Tracing Enabled APIGateway Operational Excellence
GuardDuty Findings GuardDuty Security
Amazon Macie In Use (Not Scored) Macie Security
No. Control 
SC-39 PROCESS ISOLATION 
Rule Service Categories 
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Risk level 


Risk level 


Medium 


Medium 


Medium 


Risk level 


Risk level 


Low 


Medium 


Medium 


Risk level 


P0


Counts 


Priority 


P0


Total counts 


FAILURE: 2 





Counts 


SUCCESS: 1 


SUCCESS: 1 


Priority 


P0


Counts 


Priority 


P0


SUCCESS: 2 





Total counts 


Total counts 


FAILURE: 78 


SUCCESS: 1 


FAILURE: 2 Resolve... 





Counts 


FAILURE: 46 


SUCCESS: 1 


Priority 


P1 


Counts 





Resolve... 


FAILURE: 32 Resolve... 


Total counts 
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No rule to display 


No. Control 


SC-40 WIRELESS LINK PROTECTION 


Rule Service 


No rule to display 


No. Control 


SC-41 PORT AND I/O DEVICE ACCESS 


Rule Service 


No rule to display 


No. Control 

SC-42 SENSOR CAPABILITY AND DATA 
Rule Service 
No rule to display 

No. Control 

SC-43 USAGE RESTRICTIONS 
Rule Service 
No rule to display 

No. Control 

SC-44 DETONATION CHAMBERS 
Rule Service 
GuardDuty Enabled GuardDuty 
GuardDuty Findings GuardDuty 
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Categories Risk level 
Categories Risk level 
Categories Risk level 
Categories Risk level 
Categories Risk level 
Security Medium 

Security Medium 


Priority 
P0


Counts 


Priority 


P0


Counts 


Priority 


P0


Counts 


Priority 


P0


Counts 


Priority 


Total counts 


Total counts 


Total counts 


Total counts 


Total counts 


FAILURE: 32 


SUCCESS: 18 




Counts 


SUCCESS: 18 


FAILURE: 32 


Resolve... 
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System and Information Integrity 


No. Control Priority Total counts 
SI-1 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SI-2 FLAW REMEDIATION P1 0 
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SI-3 MALICIOUS CODE PROTECTION P1 0 
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SI-4 INFORMATION SYSTEM MONITORING P1 
Rule Service Categories Risk level Counts 
GuardDuty Enabled GuardDuty Security Medium 
GuardDuty Findings GuardDuty Security Medium Resolve... 
Shield Advanced In Use Shield Security Medium Resolve... 
No. Control Priority Total counts 
SI-5 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES P1 
Rule Service Categories Risk level Counts 


Cloud Conformity Custom Policy Version CloudConformity Operational Excellence High FAILURE: 1 Resolve...
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No. Control Priority Total counts 


SI-6 SECURITY FUNCTION VERIFICATION P1 0


Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SI-7 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SI-8 SPAM PROTECTION P2 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SI-9 INFORMATION INPUT RESTRICTIONS 0 
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SI-10 INFORMATION INPUT VALIDATION P1 0
Rule Service Categories Risk level Counts 


No rule to display 


No. Control Priority Total counts 
SI-11 ERROR HANDLING P2 0
Rule Service Categories Risk level Counts 


No rule to display 
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No. Control 
SI-12 INFORMATION HANDLING AND RETENTION 
Rule Service Categories 
D DB i 
vheine eC ennndeus DynamoDB Reliability 
Backups 
No. Control 
SI-13 PREDICTABLE FAILURE PREVENTION 
Rule Service Categories 
Elasticsearch Zone Awareness Enabled Elasticsearch Reliability
Managed NAT Gateway In Use VPC Performance Efficiency
No. Control 
SI-14 NON-PERSISTENCE 
Rule Service Categories 
No rule to display 
No. Control 
SI-15 INFORMATION OUTPUT FILTERING 
Rule Service Categories 
API Gateway Integrated With AWS WAF APIGateway Security
CloudFront Integrated With WAF CloudFront Security
AWS Web Application Firewall In Use WAF Security
No. Control 
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Risk level 


High 


Risk level 


Medium 


Medium 


Risk level 


Risk level 


Medium 


Medium 


Medium 





Priority Total counts 








FAILURE: 5 
PP 
SUCCESS: 13 
Counts 
FAILURE: 5 
Resolve... 
SUCCESS: 13 
Priority Total counts 
FAILURE: 2 
P0
SUCCESS: 1 
Counts 





FAILURE: 2 Resolve... 


SUCCESS: 1 


Priority Total counts 
P0 0
Counts 
Priority Total counts 
P0
SUCCESS: 5 
Counts 
SUCCESS: 4 
SUCCESS: 1 
Priority Total counts 
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SI-16 MEMORY PROTECTION P1 0


Rule Service Categories Risk level Counts 


No rule to display 








No. Control Priority Total counts 
SI-17 FAIL-SAFE PROCEDURES P0

Rule Service Categories Risk level Counts 

APIs Detailed CloudWatch Metrics APIGateway Operational Excellence, Performance Efficiency Medium FAILURE: 45 SUCCESS: 1 Resolve...
Authorization Failures Alarm CloudWatchLogs Security Medium FAILURE: 1 Resolve... 
Program Management 

No. Control Priority Total counts 
PM-1 INFORMATION SECURITY PROGRAM PLAN 0 

Rule Service Categories Risk level Counts 

No rule to display 
No. Control Priority Total counts 
PM-2 SENIOR INFORMATION SECURITY OFFICER 0 

Rule Service Categories Risk level Counts 

No rule to display 
No. Control Priority Total counts 
PM-3 INFORMATION SECURITY RESOURCES 0 

Rule Service Categories Risk level Counts 


No rule to display 
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No. Control 


PM-4 PLAN OF ACTION AND MILESTONES PROCESS 


Rule Service 


No rule to display 


No. Control 

PM-5 INFORMATION SYSTEM INVENTORY 
Rule Service Categories 
No rule to display 

No. Control 

PM-6 INFORMATION SECURITY MEASURES OF PERFORMANCE 
Rule Service Categories 
No rule to display 

No. Control 

PM-7 ENTERPRISE ARCHITECTURE 
Rule Service Categories 
No rule to display 

No. Control 

PM-8 CRITICAL INFRASTRUCTURE PLAN 
Rule Service Categories 
No rule to display 

No. Control 

PM-9 RISK MANAGEMENT STRATEGY 
Rule Service Categories 


No rule to display 
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Categories 


Risk level 


Risk level 


Risk level 


Risk level 


Risk level 


Risk level 


Priority 


Counts 


Priority 


Counts 


Priority 


Counts 


Priority 


Counts 


Priority 


Counts 


Priority 


Counts 


Total counts 


Total counts 


Total counts 


Total counts 


Total counts 


Total counts 
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No. Control 


PM-10 SECURITY AUTHORIZATION PROCESS 


Rule Service Categories Risk level 


No rule to display 


No. Control 
PM-11 MISSION/BUSINESS PROCESS DEFINITION 
Rule Service Categories Risk level 


No rule to display 


No. Control 
PM-12 INSIDER THREAT PROGRAM 
Rule Service Categories Risk level 


No rule to display 


No. Control 
PM-13 INFORMATION SECURITY WORKFORCE 
Rule Service Categories Risk level 


No rule to display 


No. Control 
PM-14 TESTING, TRAINING, AND MONITORING 
Rule Service Categories Risk level 


No rule to display 


No. Control 


PM-15 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS 


Rule Service Categories Risk level 


No rule to display 
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Priority 


Counts 


Priority 


Counts 


Priority 


Counts 


Priority 


Counts 


Priority 


Counts 


Priority 


Counts 


Total counts 


Total counts 


Total counts 


Total counts 


Total counts 


Total counts 
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No. Control Priority Total counts 


PM-16 THREAT AWARENESS PROGRAM 0 


Rule Service Categories Risk level Counts 


No rule to display 
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